It was only a matter of time. The revelations that U.S. government agencies were conducting illegal surveillance on Americans put pressure on Internet vendors to place powerful security protocols in their products. The 2nd U.S. Circuit Court of Appeals in Manhattan said the PATRIOT Act (a set of laws, some of which permit more government surveillance) did not authorize the National Security Agency (NSA) to collect Americans’ calling records in bulk.

Consequently, during the past few months, several major companies who provide their customers with access to the Internet, called Internet Service Providers (ISPs), have made advanced cryptographic products available to their customers. The products scramble (encrypt) user data so that it cannot be read by anyone other than those who are able to unscramble (decrypt) the data.

After reading about frequent security breaches at lauded institutions, such as Sony and the United States government, you might be discouraged about the seeming futility of obtaining privacy of communications on the Internet. It is evident that user traffic can be intercepted, stored, and analyzed.

For some good news, the user content can rather easily be protected. If a sending user takes a few moments to scramble the data at the sending site and the receiving user unscrambles it at the receiving site, user content is protected. Depending on the product, the operations are almost transparent to a user. In addition, other features of these systems include:

• Verifying that user content has not been altered. As we become more dependent on the Internet, it is probable that assorted hackers, with increasing frequency, will attempt to modify users’ traffic. There is a lot of money to be made: Examples are altering a funds transfer, changing the text in a will, or modifying business correspondence.

• Verifying the party that sent the message is the correct party. This feature will also become increasingly important as more business correspondence is carried online. One feature of this attribute is called a digital signature. In the past, electronic correspondence has been handicapped by the lack of a feature to validate a piece of correspondence and its originator as being legitimate. It is now possible to authenticate Internet correspondence with a digital signature. The technology is widely available and can serve as a replacement to registered mail as well as for signatures certified by a public notary (depending on local laws).

Be aware that encryption operations must take place in the user machines, and not intermediate nodes along the way, such as routers and servers that belong to third parties. If you allow a third party to become involved in the process, the purpose may be defeated. This concept is called the end-to-end principle. Do not forsake this principle unless you have absolute trust in a third party. As a general rule: Do not trust anyone but yourself and the party with whom you are exchanging traffic.

For the remainder of this article, two security features are highlighted: the Advanced Encryption Standard and the two-step verification procedure. Their descriptions will be of a general nature. The important point is to strongly encourage you to make certain the company that offers security services to you has these technologies in its product line. This recommendation is especially important for organizations (or individuals) who are sending sensitive data over the Internet.

The Advanced Encryption Standard

The Advanced Encryption Standard (AES) is the tool used by Internet vendors and end-users to protect traffic. Thus far, it has proven to be impregnable. It is widely available in most but not all vendor products. If you do not care if your email, text, pictures etc. might be examined by other Internet parties, you may not wish to involve yourself in this process. However, if you or your company must exchange sensitive correspondence — increasingly being done over the Internet — you are running a fool’s errand by having your traffic sent in the clear. While AES is not the end-all of crypto systems, it has become a de facto standard in the industry.

Two-Step Verification

One of the most serious security problems facing companies and individuals is hackers discovering their passwords (also referred to as “keys” in some literature). With this information, it is often easy to gain access into a system. To address this problem, an effective security tool is called two-step verification.

It is used to prevent hackers from accessing a user system. This powerful security feature is available from many Internet vendors. I highlight Apple’s system, but keep in mind that other companies offer similar capabilities.

What makes two-step authentication effective is that the first part is the password itself, which is something you know. And the second step, according to The Economist, May 30, 2015, user traffic:

“…can be made more robust by being paired with “something you have,” which could be a device or app which receives or generates a unique code, known as a token. ... Such gadgets are already widely available in online banking for users to generate a code when accessing their accounts. The code can also be texted to a user’s mobile phone when logging into their email on a computer.”

Some systems add security questions (such as, what is the maiden name of your mother?) to further enhance the robustness of the system.

To demonstrate how easy it is to use two-step verification, consider Apple’s procedures. Apple requires only that a user verify his/her identity by registering one or more of Apple’s hardware devices, such as an iPhone.

The figure below is a reproduction of an Apple graphic that illustrates the process. After the completion of these actions, the user later verifies his/her identity by entering both a password and the 4-digit verification code in order to access a site such as iCloud or iTunes. The user is not allowed access unless both the password and verification code are correctly entered. Notice that most of the work is done at Apple’s end and not at the user’s end.

(SEE ABOVE GRAPHIC)

Nonetheless, you might be asking at this point: “Uyless claims these procedures are simple and easy to use, but they do require effort on my part. Is it worth it?”

I only ask you to read your user’s manual or call your security provider, and give it a go. To answer the hypothetical question: What are your family photographs, tax forms, letters — all your Internet files worth to you? Burning a few calories to make your files safe is indeed worth it. I’ve had clients who have lost files to hackers, a misfortune that drove some of them into depression.

Uyless Black is an award-winning author who has written 40 books on a variety of subjects. His latest book is titled “2084 and Beyond,” a work on the origins and consequences of human aggression. He resides in Coeur d’Alene.